| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aS6POwWg4C7sPwsn@intel.com>
Date: Tue, 2 Dec 2025 15:03:23 +0800
From: Chao Gao <chao.gao@...el.com>
To: Binbin Wu <binbin.wu@...ux.intel.com>
CC: <linux-coco@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<x86@...nel.org>, <reinette.chatre@...el.com>, <ira.weiny@...el.com>,
<kai.huang@...el.com>, <dan.j.williams@...el.com>,
<yilun.xu@...ux.intel.com>, <sagis@...gle.com>, <vannapurve@...gle.com>,
<paulmck@...nel.org>, <nik.borisov@...e.com>, Farrah Chen
<farrah.chen@...el.com>, "Kirill A. Shutemov" <kas@...nel.org>, Dave Hansen
<dave.hansen@...ux.intel.com>, Thomas Gleixner <tglx@...utronix.de>, "Ingo
Molnar" <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin"
<hpa@...or.com>
Subject: Re: [PATCH v2 11/21] x86/virt/seamldr: Allocate and populate a
module update request
On Thu, Nov 27, 2025 at 04:30:41PM +0800, Binbin Wu wrote:
>
>
>On 10/1/2025 10:52 AM, Chao Gao wrote:
>[...]
>> +
>> +/* Allocate and populate a seamldr_params */
>> +static struct seamldr_params *alloc_seamldr_params(const void *module, int module_size,
>> + const void *sig, int sig_size)
>> +{
>> + struct seamldr_params *params;
>> + const u8 *ptr;
>> + int i;
>> +
>> + BUILD_BUG_ON(sizeof(struct seamldr_params) != SZ_4K);
>> + if (module_size > SEAMLDR_MAX_NR_MODULE_4KB_PAGES * SZ_4K)
>> + return ERR_PTR(-EINVAL);
>> +
>> + if (!IS_ALIGNED(module_size, SZ_4K) || !IS_ALIGNED(sig_size, SZ_4K) ||
>> + !IS_ALIGNED((unsigned long)module, SZ_4K) ||
>> + !IS_ALIGNED((unsigned long)sig, SZ_4K))
>> + return ERR_PTR(-EINVAL);
>> +
>> + /* seamldr_params accepts one 4KB-page for sigstruct */
>> + if (sig_size != SZ_4K)
>According to the link [2] you provided above, it seems that the layout of
>tdx_blob as following:
>tdx_blob
>|- u16 version
>|- u16 checksum
>|- u32 offset_of_module --------------------------------------|
>|- u8 signature[8] |
>|- u32 len 8KB + (N * 4KB) |
>|- u32 resv1 |
>|- u64 resv2[509] |
>|- u8 data[] |
> |- _u64 sigstruct[256] //2KB sigstruct |
> |- _u64 reserved2[256] |
> |- _u64 reserved3[N*512] //4KB aligned, optional, N >=0 |
> |- _u8 module[] //<-----------------------------|
>
>If N is not 0 for reserved3, then the sig_size passed will not be 4KB.
The "reserved3[N*512]" is there for future extension.
The current P-SEAMLDR ABI only supports one 4KB page, so if a blob's sig_size
is larger, the kernel has to reject it. The P-SEAMLDR ABI should be extended
first, and then we can add kernel support accordingly.
>
>
>> + return ERR_PTR(-EINVAL);
>> +
>> + params = (struct seamldr_params *)get_zeroed_page(GFP_KERNEL);
>> + if (!params)
>> + return ERR_PTR(-ENOMEM);
>> +
>> + params->scenario = SEAMLDR_SCENARIO_UPDATE;
>> + params->sigstruct_pa = (vmalloc_to_pfn(sig) << PAGE_SHIFT) +
>> + ((unsigned long)sig & ~PAGE_MASK);
>
>Since sig is 4KB aligned, is ((unsigned long)sig & ~PAGE_MASK) needed?
This is done intentionally. Otherwise, we would need to assume PAGE_SIZE is
4KB. Although this is true for x86, just in case it changes in the future and
subtly breaks this code, I use SZ_4K and apply PAGE_MASK here.
<snip>
>> +static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size)
>> +{
>> + const struct tdx_blob *blob = (const void *)data;
>> + int module_size, sig_size;
>> + const void *sig, *module;
>> +
>> + if (blob->version != 0x100) {
>> + pr_err("unsupported blob version: %u\n", blob->version);
>
>Based on the link [2], 0x100 stands for version 1.0, Using hexadecimal seems
>more readable.
Makes sense. Will do.
Powered by blists - more mailing lists